I'm using isakmpd to manage an ipsec VPN between OpenBSD 5.8 <-> OpenBSD 6.0. This also manages a VPN between Mac OS X/ IPsecuritas and OpenBSD 6.0.
The example describes a situation where you have one self signed root certificate located in /etc/isakmpd/ca/root.crt and otherside::client.crt from the other side which should be signed by root.crt. My situation is slightly different. I have: otherside::client.crt (signed by) /etc/isakmpd/ca/intermediate.crt (signed by) /etc/isakmpd/ca/root.crt But I'm having trouble getting this going. As I read the source code in x509.c I can see that isakmpd is at least reading and hashing all the certs in /etc/isakmpd/ca. Is there something special that I have to do to have it chain intermediate.crt -> root.crt so it can use client.crt without having to put client.crt into /etc/isakmpd/certs? Thanks for all your help! -- Chris